Offline registry tools and password resetter
Here are the source code and binary downloads (see bottom of page) for the registry tools,
along with documentation and release history.
This page is aimed at developers, tooldisk intergators, and system technicians.
If you just need to use the tool to reset a password on your system,
see the bootdisk download page.
Current features of the registry tools / library
Library:
- Open several hives at once (they are however not linked in path-wise)
- Add and remove keys (not rename, sorry)
- Add and remove values of any type. (no rename here either)
- Read data in values
- Put data into values.
- (Recursive) iterate / list keys, get values types etc.
- Recursive delete of keys
- Read key "class" field
- Expansion of the hive file is not supported yet, thus only free
space in it will be utilized when addid data.
- Currently just ignores security descriptors in the registry.
- Supports registry hives with different key indexing, so it covers
all versions from NT3.51 to Vista/Win7 32/64bit and 2008 server.
Features of the tools (based on the library):
- Simple interactive registry edit (command based), including hex edit of value data in
unsupported value types.
- Export of registry (or parts of it) to .reg file readable by
Windows regedit.exe. No import yet.
- Password reset, password change (partial)
- User unlock
- User promotion (add to administrators group)
- Some syskey reset actions (NT4/2k/XP), but risky.
- .. and a lot of information and debug info for those who are interested.
This is news summary for the library and tools. Please see source
and HISTORY.txt for more details.
2010-06-27
- Patches from Frediano Ziglio adding or fixing:
- - buffer overflow in export_subkey printing keyname
- - reg export: some quoting error (name and string values must be quoted)
- - adding support for wide character encoding in keys and value names
- - and some other bugs fixed
- New function from from Aleksander Wojdyga to decode Digital Product ID. Now in
registry editor, may be moved later. example dpi \Microsoft\Windows NT\CurrentVersion\DigitalProductId
- Syskey menu selection has been removed from text, but can still be
selected as number 2. So that people stop emailing me when it bombs out.
- Some other minor tweaks
2009-12-01
- New site, official URL is now: http://pogostick.net/~pnh/ntpasswd/
- All releases still contains old mail address, please note NEW
mailaddress is pnh@pogostick.net. Old mailaddress vil be
invalid after January 1st 2010.
- No new release, 2008-08-02 is still newest. Hope to release new
early 2010.
- Some of the newest releases (from 2008) seems to be working (more or less) on Windows 7 without any changes.
2008-08-02
Released a CD, but no changes to registry edit / password handling,
chntpw etc.
2008-05-26
- Fixed nasty bug which skipped first indirect index table when
deleting keys. Usually threw recusive delete into a endless loop.
- Type QWORD now recongnized. Believe it is from XP and newer
systems.
- Library functions accepting a path now has flag to say if search
should be exact or on first match (partial string) basis.
- Export to .reg file by Leo von Klenze (Thank you!), expanded to handle more
types by me.
- 64 bit compatible patch by Mike Doty, via Alon Bar-Lev, http://bugs.gentoo.org/show_bug.cgi?id=185411
2007-09-27
- Fixed hang in bootdisk/CD
- Also fixed a script crash in the floppy.
2007-09-26
- User promotion now official! You can add a user into the
administrator group, making the user an administrator!
- Password edit has cosmetical changes / menu control
- Some verbosity / text info has changed.
- A few smaller bugfixes
- Bootfloppy release is back. Better driver handling. Better NTFS handling.
2007-04-09 (guess it is 10 year anniversary!)
- Now with Vista support! 32 & 64 bit. (NTFS filesystem driver now supports Vista)
- CD has better driver support, changed quite a bit.
- Mostly cosmetical changes to "chntpw" program.
- Main password reset and regedit (chntpw + ntreg) code now made GPL licensed, for
those of you who care. Source available at the source page.
2006-04-06, release 060213
- Driver updates only, see download page for more info.
2005-03-03, release 050303
- Driver updates only, see download page for more info.
2004-12-05, release 041205
- New and improved driver probe on disk, now with probe based on PCI info.
The CD/floppy should now work much better for SATA and other drivers needing
multiple driver modules.
- Fixed a small bug causing crashes when loading some hives (end
pointer of last page seems to be way off sometimes). Thanks to Michael
Rothstein for providing a hive file with this "weirdness"
2004-11-01 (no new release)
- Added some info about "changes not taking effect" to the FAQ
2004-08-18, release 040818
- Fixed critical bugs in regedit hive allocation routines, earlier
versions may corrupt the hive when adding, expanding or deleting keys
or values. Earlier version should be safe for password edit usually.
- Added edit support for large keys (typically more than 500
subkeys), this happens often i SOFTWARE\Classes. As a bi-effect there
is now full support for writing NT 3.51 registry, too. (it's related
to key indices and indirect indices if many subkeys)
- Regedit string input bugfix. Often crashed earlier. Several people
reported this, with some suggestions. It's still ugly, however :/
- Regedit recursive key delete 'rdel' added. It is rather slow however, and
may hang or crash if given illegal key names. It also may produce some
debug output in some situations.
- Regedit 'hex' command to dump value in hex no matter what type the
value is.
- Regedit 'ck' command to dump class data of key, if it has
any. (most keys does not have class data). Keys with classes are marked with * in the
key listings. No edit of it yet.
- Some bugs fixed in hive file load/save, and error handling. Thanks
for reports from several people on this.
- Generally NO CHANGES to password edit stuff.
2004-08-09: IN VERSION 0401xx AND EARLIER: Some rather serious bugs have been discovered in the
allocation routines, which are used when adding or deleting values
or keys in the registry editor. In best case, they leak space,
in worst case, it may corrupt the file.
NOTE: This does not generally affect password changing, since password
reset just overwrites a few bytes in place, it does not reallocate space.
SUMMARY: Password edit OK. Regedit may not be. Expect new version out within a week or so.
2004-01-16, release 040116
- Completely new bootdisk system!
Hopefully a bit easier to understand and run through.
- Support for easy change of RecoveryConsole parameters (one of them
tells RecoveryConsole to NOT ask for admin password).
- A few bugfixes. For those of you wanting to look and build
chntpw from the source, it should now compile??
2003-04-26:
- Newer NTFS driver and internals of writebacks changed a bit on
floppy, may fix some hangs reported on writing back to NTFS.
- No changes to chntpw program itself
- John Simpson supplies
nice description on how to fix up lost admin password in ActiveDirectory.
2003-02-25:
- NTFS "hang on writeback" bugfix on floppy/CD.
- HighPoint (hpt) IDE chipset support added. No idea if it works.
- Highly expermimental and not complete feature added: User
promotion! Promote user into admin group.
- Will add any user to administrator group, remove from all
others.
- VERY LITTLE TESTED YET!
- Limitations: Not working on users which is not in any previous
group, may not work at all on some setups, will not check policies: Guest can be promoted, but will
most likely not be able to log in anyway because it is usually
denied in security policies. I know how to do this, but it is not
finished yet. This is still work in progress!
- To use, enter @ at password prompt. Change is set even if you
answer no on "do you wish to change" question. Please do not
try it if you do not want to risk a complete system reinstall.
- I need people that can test this on systems they are willing to
risk a reinstall on! Please contact me if you have any info.
Earlier history removed.. (started in 1997)
User "manual" & tech info in the README file,
or look inside the source.
See the INSTALL file inside the archive on how tou build.
ntreg.c & ntreg.h now somewhat makes a rather complete library for access
to the registry files. There is currenctly no documentation for the
different function calls, and all functions may change in future
releases. I plan on cleaning it up, and if possible mimicing the NT
API.
Explanation of win3.11, win95 and NT registry files
can be found in WinReg.txt, written by some German (I think, at least speaks German) named
B.D.
Sorry I don't have that persons full name, I can't find a name/address in the file,
and it was not credited when I picked it up from some website. This is the original
file as I found it, I've discovered some minor errors, but not corrected the file.
Look it up in my sourcecode for more detailed info.
See also thebootdisk page for easy-to-use
password reset system.
Please read the
Frequently asked questions
before asking questions. Thanks!
THIS SOFTWARE COMES WITH NO WARRANTY WHATSOEVER. THE AUTHOR IS NOT
RESPONSIBLE FOR ANY DAMAGE CAUSED BY THE (MIS)USE OF THIS SOFTWARE!
100627, pnh@pogostick.net